HexName-NixOS/pkgs/powerdns.nix


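{ config, pkgs, lib, ... }:
# NixOS module: runs an authoritative PowerDNS (PostgreSQL backend) as a
# Podman/OCI container for ${domain}, in the host's network namespace.
let
  domain = "hexname.com";

  # Container image to run.
  # NOTE(review): a floating "latest" tag is not reproducible and means a
  # registry-side change (or a compromised publisher) rolls a different
  # PowerDNS build onto this nameserver on the next pull. Pin an explicit
  # version tag -- ideally with an @sha256 digest -- once validated.
  pdnsImage = "pschiffe/pdns-pgsql:latest";

  # REST API / built-in web server. Bound to loopback only; because the
  # container uses --network=host this is the HOST loopback, so any local
  # process can reach it and the API key from the env file is the only gate.
  webserverAddress = "127.0.0.1";
  webserverPort = "8081";
  # Loopback-only ACL for the web server. The previous "127.0.0.1/24" was a
  # typo-ish mask (it denotes 127.0.0.0/24); /32 matches the bind address.
  webserverAllowFrom = "127.0.0.1/32";

  # Secrets (the PostgreSQL password and the API key, see the commented
  # PDNS_gpgsql_password / PDNS_api_key entries) live in this env file.
  # NOTE(review): it must be owned by root with mode 0600 -- confirm.
  envFile = "/etc/env/hexname/powerdns.env";

  # pdnsIp = "10.89.0.53";

  # Environment passed to the container; every PDNS_* key maps to a pdns
  # setting of the same name. Values are strings as required by the OCI
  # container module.
  pdnsEnvironment = {
    # PDNS_primary = "yes";
    PDNS_api = "yes";
    # Refuse zone transfers (AXFR) -- port 53 is open to the world below.
    PDNS_disable_axfr = "yes";
    # NOTE(review): PDNS_api is expected to bring up the HTTP listener on
    # its own; if the API is unreachable, set PDNS_webserver = "yes" too.
    #PDNS_webserver = "yes";
    PDNS_webserver_address = webserverAddress;
    PDNS_webserver_port = webserverPort;
    # IPv4 only; no [::]:53 listener is configured even though the
    # firewall rules below are not address-family specific.
    PDNS_local_address = "0.0.0.0:53";
    PDNS_webserver_allow_from = webserverAllowFrom;
    # Do not leak the server version in version.bind / CHAOS queries.
    PDNS_version_string = "anonymous";
    PDNS_default_ttl = "3600";
    # PDNS_gpgsql_password=...  (env file)
    # PDNS_api_key=...          (env file)
    # PostgreSQL is reached over host loopback (host networking).
    PDNS_gpgsql_host = "127.0.0.1";
    PDNS_gpgsql_port = "5432";
    PDNS_gpgsql_dbname = "powerdns";
    PDNS_gpgsql_user = "powerdns";
    PDNS_gpgsql_dnssec = "yes";
  };
in
{
  virtualisation.oci-containers.containers.hexname-powerdns = {
    image = pdnsImage;
    hostname = "ns1.${domain}";
    # Port mappings are meaningless with --network=host; kept for the
    # bridged-network variant sketched in the commented blocks below.
    # ports = [
    #   "127.0.0.1:8081:8081/tcp"
    # ];
    # networks = [ "hexname-net" ];
    volumes = [
      "/etc/localtime:/etc/localtime:ro"
    ];
    environmentFiles = [ envFile ];
    environment = pdnsEnvironment;
    # Host networking: the container shares the host's network namespace,
    # so it binds host port 53 directly and can reach PostgreSQL on the
    # host loopback. This removes network isolation from the container;
    # the bridged setup below (hexname-net + nftables DNAT) is the
    # isolated alternative.
    extraOptions = [
      "--network=host"
    ];
    # dependsOn = [ "hexname-postgres" ];
  };

  # systemd.services.podman-network-hexname = {
  #   description = "Podman network for HexName/PowerDNS";
  #   after = [ "podman.service" ];
  #   wantedBy = [ "multi-user.target" "podman-hexname-postgres.target" "podman-hexname-powerdns.target" ];
  #   serviceConfig.Type = "oneshot";
  #   path = [ pkgs.podman ];
  #   script = ''
  #     podman network inspect hexname-net >/dev/null 2>&1 || \
  #       podman network create hexname-net --subnet 10.89.0.0/24
  #   '';
  # };

  # Bind port 53 and send all requests to the container
  # networking.nftables.enable = true;
  # networking.nftables.tables.dns = {
  #   family = "inet";
  #   content = ''
  #     chain prerouting {
  #       type nat hook prerouting priority -100;
  #       udp dport 53 dnat ip to ${pdnsIp}:53
  #       tcp dport 53 dnat ip to ${pdnsIp}:53
  #     }
  #     chain postrouting {
  #       type nat hook postrouting priority 100;
  #       ip saddr 10.89.0.0/24 masquerade
  #     }
  #   '';
  # };

  # Authoritative DNS must be world-reachable; TCP is required for
  # truncated/large (e.g. DNSSEC) answers. Only port 53 is exposed -- the
  # API port stays on loopback and AXFR is disabled above.
  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];
}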